Hi Jan/Team, Yes , In syslog we noticed "crypto: none" during startup of corosync service.
In Corosync communication which protocols/ports transfer sensitive data which need to be secured ? Or It will have only binary protocol like 5405 port for all corosync communication? Thanks and Regards, S Sathish S -----Original Message----- From: Jan Friesse <jfrie...@redhat.com> Sent: 23 January 2023 14:50 To: Cluster Labs - All topics related to open-source clustering welcomed <users@clusterlabs.org> Cc: S Sathish S <s.s.sath...@ericsson.com> Subject: Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default Hi, On 23/01/2023 01:37, S Sathish S via Users wrote: > Hi Team, > > corosync 2.4.4 version provide mechanism to secure the communication path > between nodes of a cluster by default? bcoz in our configuration secauth is > turned off but still communication occur is encrypted. > > Note : Capture tcpdump for port 5405 and I can see that the data is already > garbled and not in the clear. It's binary protocol so don't expect some really readable format (like xml/json/...). But with your config it should be unencrypted. You can check message "notice [TOTEM ] Initializing transmit/receive security (NSS) crypto: none hash: none" during start of corosync. Regards, Honza > > [root@node1 ~]# cat /etc/corosync/corosync.conf totem { > version: 2 > cluster_name: OCC > secauth: off > transport: udpu > } > > nodelist { > node { > ring0_addr: node1 > nodeid: 1 > } > > node { > ring0_addr: node2 > nodeid: 2 > } > > node { > ring0_addr: node3 > nodeid: 3 > } > } > > quorum { > provider: corosync_votequorum > } > > logging { > to_logfile: yes > logfile: /var/log/cluster/corosync.log > to_syslog: no > timestamp: on > } > > Thanks and Regards, > S Sathish S > > > _______________________________________________ > Manage your subscription: > https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444 > 5555731-d41b18997a64a81a&q=1&e=d75dcac1-7d11-41aa-b596-47366bde2862&u= > https%3A%2F%2Flists.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers > > ClusterLabs home: > https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444 > 5555731-b3537e65a3f1def4&q=1&e=d75dcac1-7d11-41aa-b596-47366bde2862&u= > https%3A%2F%2Fwww.clusterlabs.org%2F > _______________________________________________ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/